
2014 dpa training february nn


Data Protection Training presentation for work. A consistent 7/7 from audience on presentation and slides. The presentation covers the 8 principles of the Act and describes the roles and responsibility of staff.

Published in: Business, Technology

  1. Data Protection Training Session. Information Management Team, February 2014
  2. Table of Contents • Section 1: Introduction: how the Act works • Section 2: Definitions • Section 3: The 8 Principles of the DPA • Section 4: Your responsibilities • Section 5: Additional information
  3. Your takeaways • Know the 8 principles • Know your role and responsibilities.
  4. The Legal Framework: Our use of information is governed by a range of laws, principally: • The Data Protection Act • The Freedom of Information Act • Common Law Duty of Confidence • Human Rights Act. You need to know how these laws affect you!
  5. (no text on this slide)
  6. What is the Data Protection Act?
  7. How the Act Works: As a “data controller”, you have to follow the eight principles so you protect the rights of individuals, also known as “data subjects”. The principles cover how you work with personal data and sensitive personal data.
  8. SECTION TWO: DEFINITIONS
  9. What is personal information? Personal information is defined broadly and has two criteria. First, it must relate to a living person. The dead do not have data protection rights. The living relatives will have a right to privacy and confidentiality. Second, the person must be identifiable, either from the information itself or from the information plus other information which the data controller either possesses or is likely to possess in the future. The definition of personal data includes any expression of opinion about the data subject.
  10. What is Sensitive Personal Data? Sensitive personal information is defined by the Act. It covers the following areas: • Race, ethnic origin • Criminal records (including CRB checks) • Membership of a trade union • Medical records (such as sickness absence) • Political opinions • Religious or similar beliefs • Sexual life, for example, a person’s sexual orientation. In most cases explicit consent is needed before these can be used, but other conditions may apply.
  11. What is a Data Subject? A data subject is any living individual who is the subject of personal data.
  12. What is a data controller? An organisation, or an individual, is a data controller if it has full authority to decide how and why personal data is to be “processed”. When an organisation uses personal data or shares it with another organisation, it is acting as a data controller. Please note that an employee working for an organisation can never be a data controller.
  13. What is processing?
  14. SECTION 3: THE 8 PRINCIPLES
  15. If you learn nothing else on Data Protection, remember the following slide and you’ll probably be OK.
  16. The 8 Data Protection Principles: 1. Fairly and lawfully processed. 2. Processed for limited purposes. 3. Adequate, relevant and not excessive. 4. Accurate and up to date. 5. Not kept for longer than is necessary. 6. Processed in line with the rights of the data subject. 7. Stored and processed securely. 8. Not transferred to countries without adequate protection.
  17. Principle 1: Fair and Lawful
  18. Principle 2: Processed for limited purposes
  19. Principle 3: Adequate, relevant, not excessive
  20. Principle 4: Accurate
  21. Principle 5: Not kept for longer than is necessary
  22. Principle 6: Rights of Data Subjects
  23. Principle 7: Secure
  24. Principle 8
  25. Video Break: http://www.youtube.com/watch?v=CdYWoLC7TNI&feature=youtu.be
  26. SECTION 4: YOUR RESPONSIBILITIES
  27. Responsibilities • Subject Access Requests • Security of information • Records management • Sharing information
  28. Subject Access Requests • What is a SAR? • What do you need to do? • Educational Record • Third Party Data • Confidentiality
  29. Security of Paper records
  30. Records management
  31. Sharing information
  32. SECTION 5: CONTACT INFORMATION
  33. Who to contact? • Information Commissioner’s Office: 0303 123 1113 • Information Management Team: 03000 268 035
